Presentation | 2013-07-19 Time Zone Analysis on IIJ Network Traffic for Malicious Botnet Activities Khamphao SISAAT, Hiroaki KIKUCHI, Surin KITTITORNKUN, Chaxiong YUKONHIATOU, Masato TERADA, Hiroshi ISHII, |
---|---|
PDF Download Page | PDF download Page Link |
Abstract(in Japanese) | (See Japanese page) |
Abstract(in English) | Many recent cyber-attacks are launched by botnets for the purpose of carrying out large-scale cyber-attacks such as DDoS, spam email, network scanning, and so on. In many cases, these botnets consist of many bots, or compromised PCs, which have been infected by specific malware. These bots try to propagate themselves to other victims via multiple C&C servers on the Internet, which are controlled by a remote botmaster. This makes it more difficult to identify botnet attacks and harder to trace the source country/IP address of the botmaster. To identify the C&C servers during the malware/bot downloading phase, time zone correlation can be used as a tool to identify the time zone of the C&C servers. In this paper, we do a time zone correlation analysis with the malware downloads of up to 100 honeypots in the IIJ MITF (Internet Initiative Japan - Malware Investigation Task Force) Dataset 2012, comprising over 30 million data records and almost 500 unique malware names. Based on a GeoIP service, a time zone correlation model has been proposed to determine the correlation coefficient between malware downloads from Japan and other countries. We found a strong correlation between active bot downloads and the time zone of the C&C servers. As a result, our model confirms that malware/bot downloads are synchronized with the time zone (country) of the corresponding C&C servers. |
Keyword(in Japanese) | (See Japanese page) |
Keyword(in English) | Malware / Botnet / honeypot / IIJ Dataset / CCC Dataset / Correlation Analysis |
Paper # | ISEC2013-47,SITE2013-42,ICSS2013-52,EMM2013-49 |
Date of Issue |
Conference Information | |
Committee | SITE |
---|---|
Conference Date | 2013/7/11 (1 day) |
Place (in Japanese) | (See Japanese page) |
Place (in English) | |
Topics (in Japanese) | (See Japanese page) |
Topics (in English) | |
Chair | |
Vice Chair | |
Secretary | |
Assistant |
Paper Information | |
Registration To | Social Implications of Technology and Information Ethics (SITE) |
---|---|
Language | ENG |
Title (in Japanese) | (See Japanese page) |
Sub Title (in Japanese) | (See Japanese page) |
Title (in English) | Time Zone Analysis on IIJ Network Traffic for Malicious Botnet Activities |
Sub Title (in English) | |
Keyword(1) | Malware |
Keyword(2) | Botnet |
Keyword(3) | honeypot |
Keyword(4) | IIJ Dataset |
Keyword(5) | CCC Dataset |
Keyword(6) | Correlation Analysis |
1st Author's Name | Khamphao SISAAT |
1st Author's Affiliation | The authors are with the Faculty of Engineering, King Mongkut's Institute of Technology Ladkrabang, Thailand. |
2nd Author's Name | Hiroaki KIKUCHI |
2nd Author's Affiliation | The author is with the School of Interdisciplinary Mathematical Sciences, Meiji University, Japan. |
3rd Author's Name | Surin KITTITORNKUN |
3rd Author's Affiliation | The authors are with the Faculty of Engineering, King Mongkut's Institute of Technology Ladkrabang, Thailand. |
4th Author's Name | Chaxiong YUKONHIATOU |
4th Author's Affiliation | The authors are with the Faculty of Engineering, King Mongkut's Institute of Technology Ladkrabang, Thailand. |
5th Author's Name | Masato TERADA |
5th Author's Affiliation | The author is with Hitachi, Ltd., Japan. |
6th Author's Name | Hiroshi ISHII |
6th Author's Affiliation | The author is with the School of Information and Telecommunication Engineering, Tokai University, Japan. |
Date | 2013-07-19 |
Paper # | ISEC2013-47,SITE2013-42,ICSS2013-52,EMM2013-49 |
Volume (vol) | vol.113 |
Number (no) | 136 |
Page | pp.pp.- |
#Pages | 8 |
Date of Issue |